package com.ruoyi.access.controller;


import com.alibaba.fastjson2.JSONObject;
import com.ruoyi.access.service.IAccessControlService;
import com.ruoyi.access.util.CryptoUtil;
import com.ruoyi.access.util.KeyPairUtil;
import com.ruoyi.access.util.SymmetricCryptoUtil;
import com.ruoyi.common.core.domain.AjaxResult;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import java.security.PrivateKey;
import java.util.Map;

@RestController
@RequestMapping("/did/access")
public class AccessControlController {

    @Resource
    private IAccessControlService service;

    // 用户提交访问申请
    @PostMapping("/request")
    public AjaxResult requestAccess(@RequestBody Map<String, String> payload) {
        try {
            // 1. 获取前端传递的加密数据
            String encryptedAESKey = payload.get("encryptedAESKey");
            String encryptedRequest = payload.get("encryptedRequest");

            // 2. 解密 AES 密钥
            PrivateKey privateKey = KeyPairUtil.loadPrivateKey("D:/Workspace/Master_work/code/Did_accessControl/privateKey.pem");
            String aesKey = CryptoUtil.decrypt(encryptedAESKey, privateKey);

            // 3. 用 AES 解密请求内容
            String decryptedJson = SymmetricCryptoUtil.decrypt(encryptedRequest, aesKey);

            // 4. 解析 JSON
            JSONObject obj = JSONObject.parseObject(decryptedJson);
            Long userId = obj.getLong("userId");
            String resourceType = obj.getString("resourceType");
            Long resourceId = obj.getLong("resourceId");
            String action = obj.getString("action");

            // 5. 业务逻辑
            Long requestId = service.submitRequest(userId, resourceType, resourceId, action);
            return AjaxResult.success("请求已提交", requestId);
        } catch (Exception e) {
            e.printStackTrace();
            return AjaxResult.error("请求处理失败: " + e.getMessage());
        }
    }

    @PutMapping("/approve/{requestId}")
    public AjaxResult approveAccess(@PathVariable Long requestId) {
        try {
            boolean success = service.approveAccessRequest(requestId);
            if (success) {
                return AjaxResult.success("访问请求已批准");
            } else {
                return AjaxResult.error("审批失败，请检查请求是否存在");
            }
        } catch (Exception e) {
            e.printStackTrace();
            return AjaxResult.error("审批过程中出现错误: " + e.getMessage());
        }
    }

    // 管理员/系统进行判定
    @PostMapping("/evaluate")
    public AjaxResult evaluate(@RequestParam Long requestId,
                               @RequestParam String resourceType,
                               @RequestParam Long resourceId,
                               @RequestParam String action) {
        try {

        } catch (Exception e){
            e.printStackTrace();
            return AjaxResult.error("无权访问数据");
        }
        String decision = service.evaluateRequest(requestId, resourceType, resourceId, action);
        return AjaxResult.success("决策结果: " + decision);
    }

    /**
     * 撤销权限
     * @param id 权限ID
     */
    @DeleteMapping("/permission/revoke/{id}")
    public AjaxResult revokePermission(@PathVariable("id") Long id) {
        try {
            boolean success = service.revokePermission(id);
            if (success) {
                return AjaxResult.success("权限已撤销");
            } else {
                return AjaxResult.error("撤销失败，未找到指定权限");
            }
        } catch (Exception e) {
            e.printStackTrace();
            return AjaxResult.error("撤销权限失败: " + e.getMessage());
        }
    }
}
